U.S. Pursues Harmonized Cybersecurity Regulation to Ease Compliance Burden

The U.S. is working to harmonize cybersecurity regulations across sectors to address compliance challenges faced by organizations. Senator Gary Peters introduced the Streamlining Federal Cybersecurity Regulation Act, proposing an interagency committee within the Office of the National Cyber Director (ONCD) to unify regulatory efforts. This initiative aims to simplify compliance processes, reduce costs, and establish baseline cybersecurity standards. The ONCD’s recent National Cybersecurity Strategy Implementation Plan aligns with these goals, focusing on critical infrastructure protection and regulatory coordination. Read more

HealthEquity Data Breach Exposes 4.3 million Americans’ Personal Information

HealthEquity, a major health finance company, reported that hackers accessed personal information of 4.3 million users, including names, addresses, health histories, and Social Security numbers. The breach occurred through a third-party vendor’s access to HealthEquity’s Microsoft SharePoint data. Although the breach happened in March 2024, it was confirmed in June. HealthEquity has disabled affected accounts and is monitoring for potential misuse. Impacted customers will be notified, and the company has implemented additional security measures. The investigation remains ongoing. Read more

Columbus Faces Cybersecurity Breach, Launches Forensic Investigation

Columbus City officials addressed a cybersecurity breach that occurred on July 24, exposing city email addresses and passwords. Immediate actions were taken to secure the system, though no ransomware attack occurred. The city enlisted two firms: S-RM for forensic investigation and incident response, and Pierson Ferdinand LLP for insurance claims. Columbus is covered by a $1 million cybersecurity insurance policy. The city's VPN remains down, but recovery efforts are ongoing. Mayor Ferdon emphasized the importance of vigilance against cyber threats. Read more

Jerico Pictures Faces Lawsuit Over Massive Data Breach Affecting 2.9 Billion Individuals

A class action lawsuit was filed against Jerico Pictures Inc., known as National Public Data, following an alleged data breach that exposed the personal information of nearly 3 billion people. The breach, disclosed on April 8 by the hacker group USDoD, involved the sale of sensitive data on a dark web forum. Plaintiff Christopher Hofmann seeks damages and stricter data security measures, accusing the company of negligence and unjust enrichment. The breach could be one of the largest on record. Read more

Judge Questions $217 Million Legal Fee Request in Google Data Collection Case

A U.S. judge expressed skepticism over awarding the full $217 million in legal fees requested by Boies Schiller Flexner and other firms in a lawsuit against Google. The 2020 suit accused Google of collecting user data in Incognito mode, but settled without monetary damages. Judge Yvonne Gonzalez Rogers highlighted that the plaintiffs failed to win on a damages claim, questioning the reasonableness of the fee request. Google argued the fees were excessive and urged significant reductions. Read more